This article is a stub. Please feel free to expand it and make it more encyclopaedic.
Employees should ensure that patient-related information is handled in accordance with the 6 “Caldicott Principles” (outlined in the recommendations of the Caldicott Committee’s Report on the Review of Patient-Identifiable Information, published in December 1997).
Principle 1 – Justify the purpose(s)
Every proposed use or transfer of patient-identifiable information (PII) should be clearly defined and scrutinised to ensure that there is no alternative to the use of such data; continuing use should be reviewed regularly by the relevant “Caldicott Guardian” to ensure that the use remains justified.
Principle 2 – Don’t use patient-identifiable information unless it is absolutely necessary
Patient-identifiable information items should not be used unless there is no alternative and its use is necessary for the medical management of the individual or to protect the health of the public. Administrative convenience is not a reason for using such material
Principle 3 – Use the minimum necessary patient-identifiable information
Where use of patient-identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability.
Principle 4 – Access to patient-identifiable information should be on a strict need to know basis
Only those individuals who need access to the patient-identifiable information should have assess to it, and they should only have access to the items they need to see.
Principle 5 – Everyone should be aware of their responsibilities
All employees who handle patient-identifiable information (both clinical and non-clinical staff) should ensure that they are aware of their responsibilities and obligations to respect patient confidentiality.
Principle 6 – Understand and comply with the law
Every use of patient identifiable information must be lawful. The Chief Executive and senior managers of public (health) sector bodies, as advised by the relevant Caldicott Guardian, are responsible for ensuring that their organisation complies with legal requirements.